The Italian group is one of the few insurers in France to refuse to cover these controversial payments.
Generali customers in France will no longer be able to be reimbursed by the insurer for the ransoms they pay to recover their data when they suffer a cyberattack via malicious software (“ransomware” in English). According to The echoeswho revealed the information, the Italian insurer implemented this new cyber risk insurance policy at the end of 2021, when the contracts were renegotiated.
Read alsoGenerali: one of the slingers leaves the shareholders’ agreement
This decision by Generali comes in a context of increasing cyberattacks. According to figures from an Orange Cyberdefense report, the number of cyberattacks against private and public companies rose by 13% during 2021. Among them, ransomware attacks are particularly numerous.
The question of whether or not to insure these ransoms is a dilemma for insurance professionals. From a financial point of view first, since the payment of a ransom can prove to be less costly than the costs of compensation in the event of the loss of a company’s strategic data. Generali’s position thus remains an exception in the field of insurance since, in France, only Axa France has chosen to suspend its insurance offer for ransomware.
Pressure from the authorities
This is part of a context where insurers are singled out by the authorities, who accuse them of encouraging the practice of ransoms by ensuring their reimbursement. “France remains one of the countries that “ransomware” target the most. The reason is that we pay ransoms there too systematically. (…) Some of the insurers even guarantee this payment”was indignant the deputy prosecutor Johanna Brousse, head of the cybercrime section at the Paris court, during a hearing in the Senate last April.
Read alsoBattle over the future of the CEO of Generali: new resignation to the CA
Also invited to this commission, the director general of ANSSI (the National Agency for the Security of Information Systems) Guillaume Poupard had described the practices of insurers with regard to ransoms as “dirty game”. A parliamentary report published last October even recommends formally prohibiting insurance contracts that cover the payment of ransoms in the event of a cyberattack.
SEE ALSO – Faced with cyberattacks in the European Union, Enisa wants to “strengthen the means”